Fixed the awful generator

master
xtremegamer1 2 years ago
parent 10c39981cc
commit 512b19292c

@ -102,11 +102,27 @@ profiler_t jmp = {
i.operands[1].reg.value == i.operands[1].reg.value ==
mov_reg_deref_vsp->m_instr.operands[0].reg.value; mov_reg_deref_vsp->m_instr.operands[0].reg.value;
}); });
//It is possible that mov_vip_reg is actually updating the rolling key, if so use original vip
const auto load_handler_rva = std::find_if(
mov_vip_reg, instrs.end(),
[&](const emu_instr_t& instr) -> bool {
const auto& i = instr.m_instr;
return i.mnemonic == ZYDIS_MNEMONIC_MOV &&
i.operands[0].type == ZYDIS_OPERAND_TYPE_REGISTER &&
vm::utils::is_32_bit_gp(i.operands[0].reg.value) &&
i.operands[1].type == ZYDIS_OPERAND_TYPE_MEMORY &&
i.operands[1].mem.base ==
mov_vip_reg->m_instr.operands[0].reg.value;
});
if (mov_vip_reg == instrs.end()) if (mov_vip_reg == instrs.end())
return {}; return {};
vip = mov_vip_reg->m_instr.operands[0].reg.value; vip = (load_handler_rva != instrs.end()) ?
mov_vip_reg->m_instr.operands[0].reg.value :
mov_vip_reg->m_instr.operands[1].reg.value;
//Ok so basically mov_vip_reg, despite its name, isn't guaranteed to be
//mov vip, reg, and can in fact be mov rkey, vip.
// see if VSP gets updated as well... // see if VSP gets updated as well...
const auto mov_reg_vsp = std::find_if( const auto mov_reg_vsp = std::find_if(
